/ecr-mirror

Mirror public repositories to internal ECR repos

Primary LanguagePython

Docker ECR Mirror

Mirror public docker images to ECR, automagically. This requires Skopeo to be installed.

pip install ecr-mirror

Usage

$ ecr-mirror
Usage: ecr-mirror [OPTIONS] COMMAND [ARGS]...

Options:
  --registry-id TEXT    The registry ID. This is usually your AWS account ID.
  --role-arn TEXT       Assume a specific role to push to AWS
  --override-os TEXT    Specify the OS of images, default to "linux"
  --override-arch TEXT  Specify the ARCH of images, default to "amd64". If set
                        to "all" - all architectures will be synced

  --help                Show this message and exit.

Commands:
  copy        Copy all tags that match a given glob expression into ECR
  list-repos  List all repositories that will be synced
  sync        Copy public images to ECR using ECR tags

Create an ECR repository with the following two tags set:

  • upstream-image set to a public Docker hub image, i.e nginx or istio/proxyv2
  • upstream-tags set to a /-separated list of tag globs, i.e 1.6.* or just 1.2-alpine. ECR does not allow the use of the * character in tag values, so you should use + as a replacement.
  • ignore-tags set to a /-separated list of tag globs to ignore. ECR does not allow the use of the * character in tag values, so you should use + as a replacement.

Terraform example:

resource "aws_ecr_repository" "repo" {
  name = "nginx"
  tags = {
    upstream-image = "nginx",
    // Mirror 1.16* and 1.17*
    upstream-tags = "1.16+/1.17+"
    ignore-tags = "+-gpu"
  }
}

Running ecr-mirror sync will begin concurrently fetching all images and pushing them to ECR.

You can run ecr-mirror list-repos to see all repositories that will be mirrored.

You can also manually copy specific image patterns using ecr-mirror copy:

ecr-mirror copy "istio/proxyv2:1.6.*" ACCOUNT_ID.dkr.ecr.eu-west-1.amazonaws.com/istio-proxyv2